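# Closes pull requests into the listed dev_* branches when the PR author, or
# the author of any commit in the PR, is not on the allow-list in the script.
name: Restrict PR Authors & Committers

# This block scopes the automatic GITHUB_TOKEN only. The script step below
# authenticates with secrets.GH_TOKEN instead, so that secret's own scope is
# what actually applies.
# NOTE(review): confirm GH_TOKEN is limited to what closing a PR requires.
permissions:
  contents: read
  pull-requests: write

on:
  pull_request:
    types: [opened, reopened, synchronize]
    branches:
      - dev_odex-event
      - dev_odex25_accounting
      - dev_odex25_base
      - dev_odex25_dms
      - dev_odex25_fleet
      - dev_odex25_hr
      - dev_odex25_inventory
      - dev_odex25_maintenance
      - dev_odex25_mobile
      - dev_odex25_pos
      - dev_odex25_project
      - dev_odex25_purchase
      - dev_odex25_realstate
      - dev_odex25_sales
      - dev_odex25_survey
      - dev_odex25_transactions
      - dev_odex25_website
      - dev_openeducat_erp-14.0.1.0
      - dev_odex25_ensan
      - dev_odex25_helpdesk
      - dev_odex25_donation

jobs:
  check_pr_author:
    # NOTE(review): this label looks like a self-hosted runner. The job never
    # checks out the pull request's code; keep it that way so that no
    # PR-controlled content is executed on that machine.
    runs-on: linting_odex25-standard-modules_runner
    steps:
      - name: Validate PR Author & Commit Authors
        # NOTE(review): a tag such as v7 can be moved by the action's
        # publisher. Consider pinning to a full commit SHA, e.g.
        # actions/github-script@<full-commit-sha>  # v7
        uses: actions/github-script@v7
        with:
          # NOTE(review): repository secrets are normally not passed to
          # pull_request runs that originate from forks, so for fork PRs this
          # step is expected to error rather than close the PR. Confirm
          # whether fork PRs are in scope for this gate.
          github-token: ${{ secrets.GH_TOKEN }}
          script: |
            // GitHub logins allowed to open PRs and to author commits in them.
            const allowed = [
              "expsa",
              "moutazmuhammad",
              "ronozoro",
              "Abubaker-Altaib",
              "altexp",
              "the5abir",
              "ahmadaking",
              "kchyounes19",
              "abdurrahman-saber"
            ];

            const pr = context.payload.pull_request;
            const prAuthor = pr.user.login;
            const owner = context.repo.owner;
            const repo = context.repo.repo;

            // Close the PR, then fail the job so the rejection is visible in
            // the check status and not only in the log.
            async function reject(reason) {
              core.error(`${reason}. Closing PR...`);
              await github.rest.pulls.update({
                owner,
                repo,
                pull_number: pr.number,
                state: "closed"
              });
              core.setFailed(reason);
            }

            core.info(`PR author: ${prAuthor}`);

            // Check PR author
            if (!allowed.includes(prAuthor)) {
              await reject(`Unauthorized PR author: ${prAuthor}`);
              return;
            }

            // Check commit authors. Paginate: a single listCommits call
            // returns only the first page, so commits beyond it would never
            // be inspected.
            const commits = await github.paginate(github.rest.pulls.listCommits, {
              owner,
              repo,
              pull_number: pr.number,
              per_page: 100
            });

            for (const commit of commits) {
              // commit.author is null when GitHub cannot map the commit's
              // author e-mail to an account. Such a commit cannot be matched
              // against the allow-list, so it is rejected rather than skipped.
              const commitAuthor = commit.author ? commit.author.login : null;
              if (!commitAuthor) {
                await reject(`Commit ${commit.sha} has no author linked to a GitHub account`);
                return;
              }
              if (!allowed.includes(commitAuthor)) {
                await reject(`Unauthorized commit author: ${commitAuthor}`);
                return;
              }
            }

            // NOTE(review): only the author field of each commit is checked;
            // the committer field is not. The author login is resolved from
            // the e-mail recorded in the commit, so use this as a policy
            // check alongside branch protection (required reviews, verified
            // signatures), not in place of it.
            core.info("All PR authors and committers are allowed.");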